<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0, user-scalable=no"><title>惜缘怀古的博客 - 欢迎你来到我的小世界</title><meta name="keywords" content="惜缘怀古，博客"><meta name="author" content="惜缘怀古"><meta name="copyright" content="惜缘怀古"><meta name="format-detection" content="telephone=no"><meta name="theme-color" content="#ffffff"><meta name="description" content="唯有那份炫目，未曾忘却">
<meta property="og:type" content="website">
<meta property="og:title" content="惜缘怀古的博客">
<meta property="og:url" content="https://xiyuanhuaigu.gitee.io/index.html">
<meta property="og:site_name" content="惜缘怀古的博客">
<meta property="og:description" content="唯有那份炫目，未曾忘却">
<meta property="og:locale" content="zh_CN">
<meta property="og:image" content="https://xiyuanhuaigu.gitee.io/img/2.jpg">
<meta property="article:author" content="惜缘怀古">
<meta property="article:tag" content="惜缘怀古，博客">
<meta name="twitter:card" content="summary">
<meta name="twitter:image" content="https://xiyuanhuaigu.gitee.io/img/2.jpg"><link rel="shortcut icon" href="/img/favicon.png"><link rel="canonical" href="https://xiyuanhuaigu.gitee.io/"><link rel="preconnect" href="//cdn.jsdelivr.net"/><link rel="preconnect" href="//busuanzi.ibruce.info"/><link rel="stylesheet" href="/css/index.css"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free/css/all.min.css" media="print" onload="this.media='all'"><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.css" media="print" onload="this.media='all'"><script>const GLOBAL_CONFIG = { 
  root: '/',
  algolia: undefined,
  localSearch: undefined,
  translate: undefined,
  noticeOutdate: undefined,
  highlight: {"plugin":"highlighjs","highlightCopy":true,"highlightLang":true,"highlightHeightLimit":false},
  copy: {
    success: '复制成功',
    error: '复制错误',
    noSupport: '浏览器不支持'
  },
  relativeDate: {
    homepage: false,
    post: false
  },
  runtime: '',
  date_suffix: {
    just: '刚刚',
    min: '分钟前',
    hour: '小时前',
    day: '天前',
    month: '个月前'
  },
  copyright: undefined,
  lightbox: 'fancybox',
  Snackbar: undefined,
  // URLs of third-party assets served from the jsDelivr CDN; presumably fetched
  // on demand by the theme's scripts — confirm against /js/main.js.
  // NOTE(review): none of these URLs pins a version. `jquery@latest` floats by
  // definition and the justifiedGallery paths carry no version at all, so the
  // bytes served can change without any change to this site. A floating URL
  // also cannot be covered by a Subresource Integrity hash. Pin exact versions
  // (and self-host or add integrity checks) if these assets are actually used.
  source: {
    jQuery: 'https://cdn.jsdelivr.net/npm/jquery@latest/dist/jquery.min.js',
    justifiedGallery: {
      js: 'https://cdn.jsdelivr.net/npm/justifiedGallery/dist/js/jquery.justifiedGallery.min.js',
      css: 'https://cdn.jsdelivr.net/npm/justifiedGallery/dist/css/justifiedGallery.min.css'
    }
  },
  isPhotoFigcaption: false,
  islazyload: false,
  isanchor: false
}</script><script id="config-diff">var GLOBAL_CONFIG_SITE = {
  title: '惜缘怀古的博客',
  isPost: false,
  isHome: true,
  isHighlightShrink: false,
  isToc: false,
  postUpdate: '2024-01-18 10:16:30'
}</script><noscript><style type="text/css">
  #nav {
    opacity: 1
  }
  .justified-gallery img {
    opacity: 1
  }

  #recent-posts time,
  #post-meta time {
    display: inline !important
  }
</style></noscript><script>(win=>{
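    // Small localStorage wrapper that stores each value together with an
    // expiry timestamp. localStorage can be written by any script running on
    // this origin, so whatever is read back is treated as untrusted: it is
    // parsed defensively and discarded when it is not a usable record.
    win.saveToLocal = {
      /**
       * Store `value` under `key` for `ttl` days.
       * @param {string} key   localStorage key
       * @param {*} value      JSON-serialisable value to keep
       * @param {number} ttl   lifetime in days; 0 means "do not store"
       */
      set: function setWithExpiry(key, value, ttl) {
        if (ttl === 0) return
        const now = new Date()
        const expiryDay = ttl * 86400000 // days -> milliseconds
        const item = {
          value: value,
          expiry: now.getTime() + expiryDay,
        }
        localStorage.setItem(key, JSON.stringify(item))
      },

      /**
       * Read the value stored under `key`.
       * @param {string} key   localStorage key
       * @returns {*} the stored value, or undefined when the key is absent,
       *   expired, or does not hold a parseable record
       */
      get: function getWithExpiry(key) {
        const itemStr = localStorage.getItem(key)

        if (!itemStr) {
          return undefined
        }

        let item
        try {
          item = JSON.parse(itemStr)
        } catch (e) {
          item = null
        }
        // A non-JSON string or a JSON `null` previously threw here and aborted
        // the rest of this inline script; drop the bad entry instead.
        if (item === null || typeof item !== 'object') {
          localStorage.removeItem(key)
          return undefined
        }

        const now = new Date()
        if (now.getTime() > item.expiry) {
          localStorage.removeItem(key)
          return undefined
        }
        return item.value
      }
    }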
  
    // Inject a <script> element for `url` into <head> and return a Promise that
    // resolves once it has loaded and rejects on a load error.
    // The URL is used as-is and no integrity or crossOrigin attribute is set, so
    // the fetched script runs with this page's full privileges: callers must
    // pass only trusted URLs.
    win.getScript = url => new Promise((resolve, reject) => {
      const el = document.createElement('script')

      // Shared by onload and the legacy onreadystatechange event.
      const onDone = function () {
        const state = this.readyState
        // When readyState is reported, wait until it is 'loaded' or 'complete'.
        const stillLoading = state && state !== 'loaded' && state !== 'complete'
        if (stillLoading) return
        // Detach both handlers so the Promise is settled only once.
        el.onreadystatechange = null
        el.onload = null
        resolve()
      }

      el.src = url
      el.async = true
      el.onerror = reject
      el.onreadystatechange = onDone
      el.onload = onDone
      document.head.appendChild(el)
    })
  
      // Switch the document to the dark theme and, when a theme-color <meta>
      // exists, set it to the dark colour as well.
      win.activateDarkMode = function () {
        const themeMeta = document.querySelector('meta[name="theme-color"]')
        document.documentElement.setAttribute('data-theme', 'dark')
        if (themeMeta === null) return
        themeMeta.setAttribute('content', '#0d0d0d')
      }
      // Switch the document to the light theme and, when a theme-color <meta>
      // exists, set it to the light colour as well.
      win.activateLightMode = function () {
        const root = document.documentElement
        const colorMeta = document.querySelector('meta[name="theme-color"]')
        root.setAttribute('data-theme', 'light')
        if (colorMeta !== null) {
          colorMeta.setAttribute('content', '#ffffff')
        }
      }
      // Restore the visitor's stored theme; any other value leaves the
      // data-theme attribute from the markup untouched.
      const savedTheme = saveToLocal.get('theme')
      switch (savedTheme) {
        case 'dark':
          activateDarkMode()
          break
        case 'light':
          activateLightMode()
          break
      }

      // Restore the stored sidebar state: 'hide' adds the class, any other
      // stored value removes it, and a missing value changes nothing.
      const asideStatus = saveToLocal.get('aside-status')
      if (asideStatus !== undefined) {
        document.documentElement.classList.toggle('hide-aside', asideStatus === 'hide')
      }
    
    // On the home page, tag <html> with the 'apple' class when the user-agent
    // string names an Apple device. The UA string is client-supplied, so this
    // is suitable for styling only.
    const detectApple = () => {
      if (!GLOBAL_CONFIG_SITE.isHome) return
      const applePattern = /iPad|iPhone|iPod|Macintosh/
      if (!applePattern.test(navigator.userAgent)) return
      document.documentElement.classList.add('apple')
    }
    detectApple()
    })(window)</script><meta name="generator" content="Hexo 5.4.0"></head><body><div id="sidebar"><div id="menu-mask"></div><div id="sidebar-menus"><div class="avatar-img is-center"><img src="/img/2.jpg" onerror="onerror=null;src='/img/friend_404.gif'" alt="avatar"/></div><div class="site-data is-center"><div class="data-item"><a href="/archives/"><div class="headline">文章</div><div class="length-num">66</div></a></div><div class="data-item"><a href="/tags/"><div class="headline">标签</div><div class="length-num">0</div></a></div><div class="data-item"><a href="/categories/"><div class="headline">分类</div><div class="length-num">0</div></a></div></div><hr/></div></div><div class="page" id="body-wrap"><header class="full_page" id="page-header" style="background-image: url('https://gimg2.baidu.com/image_search/src=http%3A%2F%2Fi0.hdslb.com%2Fbfs%2Farticle%2F3213259c70268dc2a32c6666d7861bf65fa487a0.jpg&amp;refer=http%3A%2F%2Fi0.hdslb.com&amp;app=2002&amp;size=f9999,10000&amp;q=a80&amp;n=0&amp;g=0n&amp;fmt=jpeg?sec=1636166607&amp;t=a6f3b742174dda05e9c7222a32bc3b96')"><nav id="nav"><span id="blog_name"><a id="site-name" href="/">惜缘怀古的博客</a></span><div id="menus"><div id="toggle-menu"><a class="site-page"><i class="fas fa-bars fa-fw"></i></a></div></div></nav><div id="site-info"><h1 id="site-title">惜缘怀古的博客</h1></div><div id="scroll-down"><i class="fas fa-angle-down scroll-down-effects"></i></div></header><main class="layout" id="content-inner"><div class="recent-posts" id="recent-posts"><div class="recent-post-item"><div class="post_cover left"><a href="/2023/11/06/2023%E8%93%9D%E5%B8%BD%E6%9D%AF%E5%86%B3%E8%B5%9BWP/" title="2023蓝帽杯决赛WP"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/20231106163334.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="2023蓝帽杯决赛WP"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/11/06/2023%E8%93%9D%E5%B8%BD%E6%9D%AF%E5%86%B3%E8%B5%9BWP/" 
title="2023蓝帽杯决赛WP">2023蓝帽杯决赛WP</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-11-06T08:31:51.000Z" title="发表于 2023-11-06 16:31:51">2023-11-06</time></span></div><div class="content">攻击路线图
外网区任务一：引流APK渗透步骤1：二维码分析
下载引流APK

解析二维码，发现flag和apk下载地址

步骤2：apk分析
下载apk并进行分析，使用 jadx 工具中全局搜索 flag{ 关键字

从搜索结果中，找到flag，双击即可复制，里面有两个flag，但是只有一个flag是正确的。

步骤3：通过apk发现目标其他网站
因为apk下载地址是：
http://172.16.20.200/%E6%B8%B8%E6%88%8F.apk
因此全局搜索 172.16.，查找目标的其他地址

02
任务二：博彩网站主站渗透访问从apk中发现的网站http://172.16.10.102，发现是博彩网站主站

步骤4：文件上传获取目标服务器权限
访问系统之后，点击右上角的注册，根据要求填写信息，注册一个普通用户

注册成功之后在上面填入用户名和密码，登录系统
点击会员中心

在基本资料处有一个文件上传

在【会员中心】-【基本资料】处，点击【选择文件】，任意选择一张图片，尝试将后缀修改为ini，发现可以成功上传，说明服务端没有按白名单限制上传文件的后缀

步骤5：绕过WAF
上传 .user.ini 文件，尝试对 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2023/10/20/%E6%94%BB%E9%98%B2%E4%B8%96%E7%95%8CRE/" title="攻防世界RE"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/c78ed35b1e3999643d52a652257558af0a15b4c9_raw.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="攻防世界RE"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/10/20/%E6%94%BB%E9%98%B2%E4%B8%96%E7%95%8CRE/" title="攻防世界RE">攻防世界RE</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-10-20T12:38:32.000Z" title="发表于 2023-10-20 20:38:32">2023-10-20</time></span></div><div class="content">Reversing-x64Elf-100追踪main 函数发现
1234567891011121314151617181920__int64 __fastcall main(int a1, char **a2, char **a3)&#123;  char s[264]; // [rsp+0h] [rbp-110h] BYREF  unsigned __int64 v5; // [rsp+108h] [rbp-8h]  v5 = __readfsqword(0x28u);  printf(&quot;Enter the password: &quot;);  if ( !fgets(s, 255, stdin) )    return 0LL;  if ( (unsigned int)sub_4006FD((__int64)s) )   // 关键函数实现对比  &#123;    puts(&quot;Incorrect password!&quot;);    return 1LL;  &#125;  else  &#123;    puts(&quot;Nice!&quot;); ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/2023/09/22/%E5%AE%89%E5%8D%93%E5%B8%B8%E7%94%A8%E7%9B%AE%E5%BD%95/" title="安卓常用目录"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/mmexport1694863328916.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="安卓常用目录"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/09/22/%E5%AE%89%E5%8D%93%E5%B8%B8%E7%94%A8%E7%9B%AE%E5%BD%95/" title="安卓常用目录">安卓常用目录</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-09-22T01:27:02.000Z" title="发表于 2023-09-22 09:27:02">2023-09-22</time></span></div><div class="content">安卓常用目录data/data存放用户APK数据的目录，每个APK都有自己的目录，以包命名，就是在data/data/目录下，会产生一个跟Package一样的目录这是一个私有的目录，app只能访问各自的目录，除非root权限。
data/app用户安装的app在该目录下，导出app文件可以使用命令
1adb pull /data/app/包名-1/base.apk // 导出 APK 文件 其中，包名-1 是应用程序的版本号。



data/local/tmp临时目录权限比较大
system/app存放系统自带的app 
system/lib，system/lib64存放系统so文件
system/bin存放shell命令
system/frameworkAndroid系统所用到的框架，如一些jar文件
sd卡目录，不管手机有没有储存卡都会有这个目录，app操作sd卡需要申请权限Android几个目录的权限测试/data/data/pkgNameapp的私有目录，该路径下的文件，通常需要拷贝到sdcard目录，再pull出来
/data/local/tmp一个权限比较大的临时目录，一 ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2023/09/22/010Editor%E7%A0%B4%E8%A7%A3/" title="010Editor破解"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/1694867487605.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="010Editor破解"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/09/22/010Editor%E7%A0%B4%E8%A7%A3/" title="010Editor破解">010Editor破解</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-09-22T00:33:10.000Z" title="发表于 2023-09-22 08:33:10">2023-09-22</time></span></div><div class="content">分析010程序无壳可以放心使用，网上的破解方法也很多，但是大多数是使用注册机进行破解，这里我提供一个更简单的方法。
流程首先下载32位的最新版的010 Editor，将其载入Xdbg，查看其汇编代码。
先按F9使程序运行起来，按shift+d搜索字符串，我们要搜索的内容为刚进入程序时弹出来的内容，Evaluation

猜测具有换行符的才是真正的进入界面弹的字符串，将所有的字符串加个断点（F2）
可以看到，符合试用版提示的字符串有4个（都是换行符结尾），这4条指令地址非常接近，双击其中一条指令查看汇编代码，发现它们都在同一个子程序里，只是判断语句的分支不同。按F9运行一下，果然在启动之前能够中断，说明这段子程序就是在程序启动时用于检查注册状态的。
找到该程序段的入口地址，对其流程图进行分析

使用右键有个流程图或者直接选中那行按G

可以看到出现一个分支语句cmp 它主要是将eax里面的内容与0xDB进行对比，若对比通过则跳转到右边的不通过则跳转到左边，选中cmp eax,DB这一行按G返回，找到注册标志后，改程序流向是无效的，必须找到设置注册标志的公共CALL，在CALL里边改程序流 ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/2023/08/24/%E6%9F%90APP%E7%9A%84%E9%80%86%E5%90%91%E5%88%86%E6%9E%90/" title="某APP的逆向分析"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/a4c8982faff8839d06cc010c864e02e8092efb23_raw.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="某APP的逆向分析"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/08/24/%E6%9F%90APP%E7%9A%84%E9%80%86%E5%90%91%E5%88%86%E6%9E%90/" title="某APP的逆向分析">某APP的逆向分析</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-24T14:02:11.000Z" title="发表于 2023-08-24 22:02:11">2023-08-24</time></span></div><div class="content">首先是进行抓包

抓包发现点击登录之后发出去了一个登录的数据包，复制其中的 &quot;Encrypt&quot;在反编译工具中进行查找。搜索到两个疑似的函数

由于不确定是哪个函数，所以采用hook的方法进行判断。手机和电脑都已配置好hook环境。
​    
启动手机端的hook程序
1.data/local/tmp/fsarm64

启动hook脚本
1frida -UF -l hock.js

hook第一个函数，发现并没有显示结果。
12345678910Java.perform(()=&gt;&#123;    var jsonRequest = Java.use(&quot;com.dodonew.online.http.JsonRequest&quot;)     console.log(jsonRequest)    jsonRequest.paraMap.implementation = function(a)&#123;        console.log(&quot;params1&quot;,a)        this.paraMap(a)    &# ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2023/08/15/r0capture%E9%85%8D%E7%BD%AE%E5%8F%8A%E4%BD%BF%E7%94%A8/" title="r0capture配置及使用"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/e949e0eafeff40990e43c84788d0da792aa57820_raw.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="r0capture配置及使用"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/08/15/r0capture%E9%85%8D%E7%BD%AE%E5%8F%8A%E4%BD%BF%E7%94%A8/" title="r0capture配置及使用">r0capture配置及使用</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-08-15T13:59:35.000Z" title="发表于 2023-08-15 21:59:35">2023-08-15</time></span></div><div class="content">r0capture配置及使用下载github地址：https://github.com/r0ysue/r0capture
配置安装依赖123Python版本&gt;=3.6pip install logurupip install click

安装  frida详见另一篇博客
使用先启动frida
12cd /data/local/tmp./fsarm64



切记仅限安卓平台7、8、9、10、11 可用 ，禁止使用模拟器。

Spawn 模式：

1$ python3 r0capture.py -U -f com.coolapk.market -v


Attach 模式，抓包内容保存成pcap文件供后续分析：

1$ python3 r0capture.py -U 酷安 -v -p iqiyi.pcap

建议使用Attach模式，从感兴趣的地方开始抓包，并且保存成pcap文件，供后续使用Wireshark进行分析。

老版本Frida使用包名，新版本Frida使用APP名。APP名必须是点开app后，frida-ps -U显示的那个app名字。


收发包函数定位：Spawn ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/2023/07/01/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E4%BB%8E0%E5%88%B01/" title="操作系统从0到1"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/1687969867170.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="操作系统从0到1"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/07/01/%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E4%BB%8E0%E5%88%B01/" title="操作系统从0到1">操作系统从0到1</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-07-01T13:21:45.000Z" title="发表于 2023-07-01 21:21:45">2023-07-01</time></span></div><div class="content">一 部署工作环境开发环境：Ubuntu 20.04 LTS
首先是需要安装的东西：
123sudo apt install build-essentialsudo apt-get install libghc-x11-devsudo apt-get install xorg-dev

下载Bochs https://udomain.dl.sourceforge.net/project/bochs/bochs/2.6.8/bochs-2.6.8.tar.gz
下载完毕之后将其移动至虚拟机中想要的位置，然后解压，命令：tar -zxvf bochs-2.6.8.tar.gz
为即将要安装的bochs创建一个空目录
1mkdir bochs

进入解压后的bochs-2.6.8文件夹 cd bochs-2.6.8
配置bochs的config文件（--prefix后面填的是你想要安装bochs的目录），编译，安装
./configure –prefix=/home/ubuntu/Desktop/bochs –enable-debugger –enable-disasm –enable-iod ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2023/04/24/buuctfRE/" title="buuctfRE"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/1681534560034.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="buuctfRE"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/04/24/buuctfRE/" title="buuctfRE">buuctfRE</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-04-23T16:39:18.000Z" title="发表于 2023-04-24 00:39:18">2023-04-24</time></span></div><div class="content">Ascii码表ASCII ((American Standard Code for Information Interchange):  美国信息交换标准代码）是基于拉丁字母的一套电脑编码系统，主要用于显示现代英语和其他西欧语言。它是最通用的信息交换标准，并等同于国际标准ISO/IEC 646。ASCII第一次以规范标准的类型发表是在1967年，最后一次更新则是在1986年，到目前为止共定义了128个字符。
ASCII码表具体如下所示：



Bin (二进制)
Oct (八进制)
Dec (十进制)
Hex (十六进制)
缩写/字符
解释



0000 0000
00
0
0x00
NUL(null)
空字符


0000 0001
01
1
0x01
SOH(start of headline)
标题开始


0000 0010
02
2
0x02
STX (start of text)
正文开始


0000 0011
03
3
0x03
ETX (end of text)
正文结束


0000 0100
04
4
0x04
EOT (end of transmission) ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/2023/04/12/Centos7%E6%89%A9%E5%AE%B9/" title="Centos7扩容"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/1687276187840.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Centos7扩容"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/04/12/Centos7%E6%89%A9%E5%AE%B9/" title="Centos7扩容">Centos7扩容</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-04-12T12:52:01.000Z" title="发表于 2023-04-12 20:52:01">2023-04-12</time></span></div><div class="content">将虚拟机关机，然后点击VM顶部菜单栏中的显示或隐藏控制台视图按钮来显示已建立的虚拟机的配置信息 ，然后左边菜单栏点击硬盘，在弹出的对话框选中硬盘，并点击扩展按钮，然后在弹出框中的最大磁盘大小修改未所需要的磁盘大小，比如我现在需要扩容15G，原本的磁盘大小是20G，所以我这里将原本的20G修改成35G，然后点击扩展,（如果存在快照，提前上传快照，否则不能扩展）
https://blog.51cto.com/u_16060121/6176862
</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2023/04/11/Linux%E8%99%9A%E6%8B%9F%E6%9C%BA%E5%9B%BA%E5%AE%9Aip/" title="Linux虚拟机固定ip"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/a19ecbd99d6c5b7311d7decd01b3204d_750.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="Linux虚拟机固定ip"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/04/11/Linux%E8%99%9A%E6%8B%9F%E6%9C%BA%E5%9B%BA%E5%AE%9Aip/" title="Linux虚拟机固定ip">Linux虚拟机固定ip</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-04-11T15:01:22.000Z" title="发表于 2023-04-11 23:01:22">2023-04-11</time></span></div><div class="content">设置静态IPV41234centos7的网络IP地址配置文件在/etc/sysconfig/network-scripts文件夹下。查看当前网卡名称 ifconfig。ens33网卡对应的配置文件为ifcfg-ens33，使用vim编辑。vim /etc/sysconfig/network-scripts/ifcfg-ens33

修改前：
12345678910111213141516TYPE=&quot;Ethernet&quot;PROXY_METHOD=&quot;none&quot;BROWSER_ONLY=&quot;no&quot;BOOTPROTO=&quot;dhcp&quot;DEFROUTE=&quot;yes&quot;IPV4_FAILURE_FATAL=&quot;no&quot;IPV6INIT=&quot;yes&quot;IPV6_AUTOCONF=&quot;yes&quot;IPV6_DEFROUTE=&quot;yes&quot;IPV6_FAILURE_FATAL=&quot;no&quot;IPV6_ADDR_GEN_MODE=&quot;s ...</div></div></div><div class="recent-post-item"><div class="post_cover left"><a href="/2023/04/03/160%E4%B8%AACrackMe/" title="160个CrackMe"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/1680364855701.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="160个CrackMe"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/04/03/160%E4%B8%AACrackMe/" title="160个CrackMe">160个CrackMe</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-04-03T08:13:53.000Z" title="发表于 2023-04-03 16:13:53">2023-04-03</time></span></div><div class="content">CrackMe001程序没有加壳，可以放心逆向

拖入OD找到以下字符串，可以看到下面的Failed！是错误的弹出，上面的Congratz！是正确的弹出。

此处调用了比较的函数，在此函数处下一个断点，EAX处储存着输入的字符，EDX处储存着需要比较的字符，由于字符是直接写死的，所以第一个序列号是一个固定的硬编码 Hello Dude!

输入 Hello Dude! 程序弹出正确提示 序列号部分完成

接下来分析用户名和序列号的部分 这个部分比单纯的序列号要有点难度，先找到入口函数。

首先程序会取输入的用户名的第一位，后将第一位乘0x29再乘2，修改完后的数据存在原来的内存地址中

然后通过栈中的操作，在字符串的前后分别添加 CW- 与 -CRACKED，最后将输入的密码与拼接好的字符串进行匹配。
注册机：
123456str1 = &#x27;CW-&#x27;str2 = &#x27;-CRACKED&#x27;username = input(&quot;请输入用户名:&quot;)username = username[:1:]username = str(ord(usernam ...</div></div></div><div class="recent-post-item"><div class="post_cover right"><a href="/2023/03/26/FridaHook%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" title="FridaHook环境搭建"><img class="post_bg" src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/26c0454e9f0233f8a807af941e731895295e2fb0_raw.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="FridaHook环境搭建"></a></div><div class="recent-post-info"><a class="article-title" href="/2023/03/26/FridaHook%E7%8E%AF%E5%A2%83%E6%90%AD%E5%BB%BA/" title="FridaHook环境搭建">FridaHook环境搭建</a><div class="article-meta-wrap"><span class="post-meta-date"><i class="far fa-calendar-alt"></i><span class="article-meta-label">发表于</span><time datetime="2023-03-26T11:21:18.000Z" title="发表于 2023-03-26 19:21:18">2023-03-26</time></span></div><div class="content">frida版本：14.2.18
frida-tools：9.2.5
python：3.7
此配置适用于Android10版本的逆向，具体版本适配请参考官网
一.安装python3.7前往python官网找到3.7版本下载，网上方法很多，这里不再赘述
二.安装 Frida和 Frida-tools12pip install frida==14.2.18pip install frida-tools==9.2.5

若没科学上网环境可能很慢，等个30分钟左右就差不多了
检查环境：
1frida --version

若出现14.2.18则Frida-tools安装成功
进入python解释器
1import  frida

若不报错则 frida安装成功
</div></div></div><nav id="pagination"><div class="pagination"><span class="page-number current">1</span><a class="page-number" href="/page/2/#content-inner">2</a><span class="space">&hellip;</span><a class="page-number" href="/page/6/#content-inner">6</a><a class="extend next" rel="next" href="/page/2/#content-inner"><i class="fas fa-chevron-right fa-fw"></i></a></div></nav></div><div class="aside-content" id="aside-content"><div class="card-widget card-info"><div class="is-center"><div class="avatar-img"><img src="/img/2.jpg" onerror="this.onerror=null;this.src='/img/friend_404.gif'" alt="avatar"/></div><div class="author-info__name">惜缘怀古</div><div class="author-info__description">唯有那份炫目，未曾忘却</div></div><div class="card-info-data is-center"><div class="card-info-data-item"><a href="/archives/"><div class="headline">文章</div><div class="length-num">66</div></a></div><div class="card-info-data-item"><a href="/tags/"><div class="headline">标签</div><div class="length-num">0</div></a></div><div class="card-info-data-item"><a href="/categories/"><div class="headline">分类</div><div class="length-num">0</div></a></div></div><a class="button--animated" id="card-info-btn" target="_blank" rel="noopener" href="https://github.com/xxxxxx"><i class="fab fa-github"></i><span>Follow Me</span></a></div><div class="card-widget card-announcement"><div class="item-headline"><i class="fas fa-bullhorn card-announcement-animation"></i><span>公告</span></div><div class="announcement_content">This is my Blog</div></div><div class="sticky_layout"><div class="card-widget card-recent-post"><div class="item-headline"><i class="fas fa-history"></i><span>最新文章</span></div><div class="aside-list"><div class="aside-list-item"><a class="thumbnail" href="/2023/11/06/2023%E8%93%9D%E5%B8%BD%E6%9D%AF%E5%86%B3%E8%B5%9BWP/" title="2023蓝帽杯决赛WP"><img src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/20231106163334.png" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="2023蓝帽杯决赛WP"/></a><div 
class="content"><a class="title" href="/2023/11/06/2023%E8%93%9D%E5%B8%BD%E6%9D%AF%E5%86%B3%E8%B5%9BWP/" title="2023蓝帽杯决赛WP">2023蓝帽杯决赛WP</a><time datetime="2023-11-06T08:31:51.000Z" title="发表于 2023-11-06 16:31:51">2023-11-06</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/2023/10/20/%E6%94%BB%E9%98%B2%E4%B8%96%E7%95%8CRE/" title="攻防世界RE"><img src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/c78ed35b1e3999643d52a652257558af0a15b4c9_raw.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="攻防世界RE"/></a><div class="content"><a class="title" href="/2023/10/20/%E6%94%BB%E9%98%B2%E4%B8%96%E7%95%8CRE/" title="攻防世界RE">攻防世界RE</a><time datetime="2023-10-20T12:38:32.000Z" title="发表于 2023-10-20 20:38:32">2023-10-20</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/2023/09/22/%E5%AE%89%E5%8D%93%E5%B8%B8%E7%94%A8%E7%9B%AE%E5%BD%95/" title="安卓常用目录"><img src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/mmexport1694863328916.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="安卓常用目录"/></a><div class="content"><a class="title" href="/2023/09/22/%E5%AE%89%E5%8D%93%E5%B8%B8%E7%94%A8%E7%9B%AE%E5%BD%95/" title="安卓常用目录">安卓常用目录</a><time datetime="2023-09-22T01:27:02.000Z" title="发表于 2023-09-22 09:27:02">2023-09-22</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/2023/09/22/010Editor%E7%A0%B4%E8%A7%A3/" title="010Editor破解"><img src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/1694867487605.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="010Editor破解"/></a><div class="content"><a class="title" href="/2023/09/22/010Editor%E7%A0%B4%E8%A7%A3/" title="010Editor破解">010Editor破解</a><time datetime="2023-09-22T00:33:10.000Z" title="发表于 2023-09-22 08:33:10">2023-09-22</time></div></div><div class="aside-list-item"><a class="thumbnail" href="/2023/08/24/%E6%9F%90APP%E7%9A%84%E9%80%86%E5%90%91%E5%88%86%E6%9E%90/" title="某APP的逆向分析"><img 
src="https://xyhutc.oss-cn-qingdao.aliyuncs.com/giteetuchuang/a4c8982faff8839d06cc010c864e02e8092efb23_raw.jpg" onerror="this.onerror=null;this.src='/img/404.jpg'" alt="某APP的逆向分析"/></a><div class="content"><a class="title" href="/2023/08/24/%E6%9F%90APP%E7%9A%84%E9%80%86%E5%90%91%E5%88%86%E6%9E%90/" title="某APP的逆向分析">某APP的逆向分析</a><time datetime="2023-08-24T14:02:11.000Z" title="发表于 2023-08-24 22:02:11">2023-08-24</time></div></div></div></div><div class="card-widget card-archives"><div class="item-headline"><i class="fas fa-archive"></i><span>归档</span><a class="card-more-btn" href="/archives/" title="查看更多">
    <i class="fas fa-angle-right"></i></a></div><ul class="card-archive-list"><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/11/"><span class="card-archive-list-date">十一月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/10/"><span class="card-archive-list-date">十月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/09/"><span class="card-archive-list-date">九月 2023</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/08/"><span class="card-archive-list-date">八月 2023</span><span class="card-archive-list-count">2</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/07/"><span class="card-archive-list-date">七月 2023</span><span class="card-archive-list-count">1</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/04/"><span class="card-archive-list-date">四月 2023</span><span class="card-archive-list-count">4</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/03/"><span class="card-archive-list-date">三月 2023</span><span class="card-archive-list-count">4</span></a></li><li class="card-archive-list-item"><a class="card-archive-list-link" href="/archives/2023/01/"><span class="card-archive-list-date">一月 2023</span><span class="card-archive-list-count">2</span></a></li></ul></div><div class="card-widget card-webinfo"><div class="item-headline"><i class="fas fa-chart-line"></i><span>网站资讯</span></div><div class="webinfo"><div class="webinfo-item"><div class="item-name">文章数目 :</div><div class="item-count">66</div></div><div class="webinfo-item"><div class="item-name">本站总字数 
:</div><div class="item-count">97.2k</div></div><div class="webinfo-item"><div class="item-name">本站访客数 :</div><div class="item-count" id="busuanzi_value_site_uv"></div></div><div class="webinfo-item"><div class="item-name">本站总访问量 :</div><div class="item-count" id="busuanzi_value_site_pv"></div></div><div class="webinfo-item"><div class="item-name">最后更新时间 :</div><div class="item-count" id="last-push-date" data-lastPushDate="2024-01-18T02:16:30.069Z"></div></div></div></div></div></div></main><footer id="footer"><div id="footer-wrap"><div class="copyright">&copy;2020 - 2024 By 惜缘怀古</div><div class="framework-info"><span>框架 </span><a target="_blank" rel="noopener" href="https://hexo.io">Hexo</a><span class="footer-separator">|</span><span>主题 </span><a target="_blank" rel="noopener" href="https://github.com/jerryc127/hexo-theme-butterfly">Butterfly</a></div></div></footer></div><div id="rightside"><div id="rightside-config-hide"><button id="darkmode" type="button" title="浅色和深色模式转换"><i class="fas fa-adjust"></i></button><button id="hide-aside-btn" type="button" title="单栏和双栏切换"><i class="fas fa-arrows-alt-h"></i></button></div><div id="rightside-config-show"><button id="rightside_config" type="button" title="设置"><i class="fas fa-cog fa-spin"></i></button><button id="go-up" type="button" title="回到顶部"><i class="fas fa-arrow-up"></i></button></div></div><div><script src="/js/utils.js"></script><script src="/js/main.js"></script><script src="https://cdn.jsdelivr.net/npm/@fancyapps/ui/dist/fancybox.umd.js"></script><div class="js-pjax"></div><script async data-pjax src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script></div></body></html>